Towards a Formal Approach for Detection of Vulnerabilities in the Android Permissions System

Towards a Formal Approach for Detection of Vulnerabilities in the Android Permissions System

Android is a widely used operating system that employs a permission-based access control model. The Android Permissions System (APS) is responsible for mediating application resource requests. APS is a critical component of the Android security mechanism; hence, a failure in the design of APS can po...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Sayyadabdi, Amirhosein, Ladani, Behrouz Tork, Zamani, Bahman
Format: Artikel
Sprache:eng
Schlagworte:
Computer Science - Cryptography and Security
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Android is a widely used operating system that employs a permission-based access control model. The Android Permissions System (APS) is responsible for mediating application resource requests. APS is a critical component of the Android security mechanism; hence, a failure in the design of APS can potentially lead to vulnerabilities that grant unauthorized access to resources by malicious applications. In this paper, we present a formal approach for modeling and verifying the security properties of APS. We demonstrate the usability of the proposed approach by showcasing the detection of a well-known vulnerability found in Android's custom permissions.
DOI:10.48550/arxiv.2208.11062